Symfony 3.4. I have a problem with forcing mailer use only https with URLs in mail such as activation/forgot password mail from FOSBundle, example:
message: |
Hello %username%!
To finish activating your account - please visit %confirmationUrl%
This link can only be used once to validate your account.
Regards,
the Team.
is there way to force mailer use https for %confirmationUrl% and others? Thanks!
Force the routes -that are used to generate full URL's- to https. See this page.
To do that you will have to add your own version of the fosuserbundle routing. You can find the routing files here.
Copy them to your src/AppBundle/Resources/config bundle directory and edit them to make them force https and change app/config/routing.yml to include your own files
Related
I use wordpress for my website. I have a api system in my current theme for follow-unfollow system. When I try to follow or unfollow, my api request blocking.
My Url;
https://my_website.com/wp-content/themes/my_theme/api.php?
I got 403 error.
How can I solve it?
I am using Aksimet Anti Spam, iThemes Security, Wp Scan and Loginizier.
Try to make a page api and make the api.php a template. Try to access it from there, I'm not sure if any of your plugins refuse access to the wp-content/themes or what but my api is a template on a page :)
I have a WordPress website hosted on Amazon Ubuntu.
Amazon reported that my server is sending a WordPress login attempt requests to other servers on Amazon.
My website is just a landing page with a contact form. How do I prevent such incidents?
You can block external http requests check adding
define( 'WP_HTTP_BLOCK_EXTERNAL', true );
in wp-config.php
Since you have already found a bad curl call in your source, I strongly suggest you check the integrity of your Wordpress installation.
If you have WP CLI available you can do this with the command wp core verify-checksums.
If you don't have WP CLI available you can use this excellent solution by Jan Reilink (either directly or as a starting point for your own code).
Either way you'll get output that tells you whether or not additional files have been modified (you could then restore them from the same WP version source). This will not be a catch-all-method in regards to malware, but I think it can be helpful in your specific situation.
Given that the code that's causing these requests is not part of the Wordpress core the answer to your question is some of the general best security practices for Wordpress:
Keep Wordpress and plugins updated
Use strong passwords for users
Add a captcha and brute force protection to your login page if possible
I have a big problem with a website I edited for a client.
My client said he enabled his free SSL from his host. I installed a force https plugin on his wordpress installation. After that, I edited the address to https instead of http (In general settings).
Now I can't access the website or the wp Login. Apparently the SSL wasn't activated.
This is the error I receive : ERR_SSL_UNRECOGNIZED_NAME_ALERT
Is there a way to either change the website address (from the settings) or disable the plugin?
To disable a plugin:
Using FTP, go to wp-content/plugins/, find the https plugin folder and rename it to something else it.
For change in general settings:
You could try to add the following code in wp-config.php file:
define('WP_HOME','http://example.com');
define('WP_SITEURL','http://example.com');
Another way is to change those values directly in the database. Here is one article that shows how to do that.
I need make a CMS based en Symfony and the principal work is create subdomains and URIs... any idea where to start? I working with Symfony but I have not done anything like never ...
Thanks !! :)
You should start reading about Symfony2 routing
Then you have to use an A record in your domain administration pointing every subdomain (wildcards) to an specific ip, and editing your .htaccess in order to get an specific response (based on symfony routes) for your subdomains. This post can help you
I am currently working on a intranet with a CMS (Drupal or Wordpress). I have to authenticate the users via Active Directory Database (more precisely Server Radius). I don't want to import the data but just check if the login and password are correct in AD. I search if there were a module/plugin in Drupal or Wordpress but i'm very lost because i found LDAP plugins and not Server Radius....
What's the difference between the two ? and can i use those plugin ?
Thanks a lot !
I would suggest you to use WordPress and use Active Directory integration plugin. it is very easy to use and configure and best of all it works.
install WAMP and Wordpress. here is tutorial
enable php ldap extension (check the below given instruction).
install Active Directory integration plugin
fill up all required configuration detail. (such as domain controller, Base Dn and Account Suffix this filed must be filled)
test the connection.
login to WordPress standard login screen using AD user info.
instruction to enable ldap php extension using wamp.
*click on wamp icon on task-bar*
*click on php floder*
*click on php extension*
*select php_ldap e.g*
let me know if you stuck somewhere or if any of the above instruction don't make sense.
hope that help.